I have not had one instance of abusing the OneDrive sharing feature and it's not something I ever even conceived of but it makes sense since you can put anyone's email address into the share pane. Is Microsoft even doing anything though? Or is there a difference in OneDrive? I can't think of a single instance of "OneDrive spam". So, based on that statement, and given that more than a billion people use Gmail now, potentially more than a million Gmail users had their contact lists ransacked today.However OneDrive handles this, Google should do that. There’s no further action users need to take regarding this event users who want to review third party apps connected to their account can visit Google Security Checkup. While contact information was accessed and used by the campaign, our investigations show that no other data was exposed. We were able to stop the campaign within approximately one hour.
#Google drive spam from my email manual
We protected users from this attack through a combination of automatic and manual actions, including removing the fake pages and applications, and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems. We have taken action to protect users against an email spam campaign impersonating Google Docs, which affected fewer than 0.1% of Gmail users. We realize people are concerned about their Google accounts, and we're now able to give a fuller explanation after further investigation. Final updateĪ Google spokesperson has got back to us with some more info: But, Cooper pointed out, the attacker would also have been able to scan emails for useful snippets of data for other attacks. In the best case scenario the attackers would just have gained a shed-load of valid email addresses and a good idea of who is likely to click on such links.
"It was a hell of an attack, but may have been too successful for its own good." "Nation state attacks prefer to stay under the radar," he explained. The attack bears some similarities to a nation-state attack earlier this year but he said that, in his opinion, this case was too noisy to be state actors. We encourage users to report phishing emails in Gmail."Ĭooper Quintin, staff technologist at the EFF, told The Register that he has now collected over 400 samples of the emails and it doesn't appear to be carrying a malware payload. "We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. "We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts," said a spokesperson in an email. Google has now issued a statement on the attack, saying it has locked down its systems to prevent any further spread of the emails. Reg hacks who received the messages had to fish the phishes out of their spam folders. What is clear is that this messages are spreading like wildfire and the attackers are going to be harvesting email lists for future attacks – so let's be careful out there.įor what it's worth, the servers hosting the malicious app appear to be down at time of writing. It doesn't appear at this point that there's a malware payload included with the messages, but it's very early days yet. Our team is aware of this issue and working on it. Gmail has also said it is aware of the Hi Ali. Google hasn't released an official statement, however its Project Zero wunderkind Tavis Ormandy has confirmed that the security team is on the case. Simply go into your Google account permissions page and remove all the access privileges for the evil Google Docs account. If you have fallen prey to the attack, there are steps that can be taken to ameliorate the situation.
0 kommentar(er)
